The FBI has cracked down on a vast botnet operation linked to a Chinese hacking group whose targets included government agencies, universities, and other entities in the US.
The Five Eyes intelligence alliance issued a joint report urging organizations to take defensive measures after finding that the botnet had been used to launch DDoS attacks and to compromise organizations in the US.
Flax Typhoon Involved
Speaking about the threat at the Aspen Cyber Summit, FBI director Chris Wray said the operation was run by the Flax Typhoon group, which deployed malware on more than 200,000 consumer devices. In a joint operation, the FBI and the US Department of Justice seized control of the botnet's infrastructure; about half of the compromised devices were located in the US.
The hijacked devices, including cameras, internet routers, and video recorders, were assembled into a large botnet used to steal sensitive data. The campaign resembled an earlier botnet operated by the Volt Typhoon group, which also used internet-connected devices to build a botnet that hijacked systems and stole sensitive data.
Flax Typhoon's botnet, however, spanned a wider range of device types than Volt Typhoon's router-based network.
According to Wray, the Flax Typhoon group presents itself as an information security company but has long worked closely with the Chinese government.
“They represent themselves as an information security company—the Integrity Technology Group. But their chairman has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies.”
Rise in State-sponsored Attacks
Wray cautioned that although the operation was a success, the wider ecosystem of state-affiliated cyberattacks out of China remains active and the threat has not gone away.
“This was another successful disruption, but make no mistake — it’s just one round in a much longer fight. The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies, and we’ll continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and bring them to light,” Wray said.